Get Out The Defibrillators! Major Security Flaw ‘Heartbleed’ Affects Nearly 66 Percent Of The ‘Net
This is scary! “As much as 66 percent of the web may have been compromised by a newly revealed security flaw called Heartbleed,” reports The Huffington Post.
Heartbleed is a bug that affects an important Internet security protocol called SSL, specifically one implementation of SSL called OpenSSL.
Here are some SSL basics: Whenever you log on to a website, your login credentials are forwarded to that website’s server, usually in encrypted form using a protocol known as Secure Sockets Layer (SSL).
Various software makers use different implementations of SSL, and one of the most commonly used is an open-source implementation called OpenSSL. In fact, a whopping two thirds of websites are estimated to use OpenSSL. “It basically gives you a secure line when you’re sending an email or chatting on IM,” reports Business Insider.
Here’s the problem. Since Heartbleed’s a bug in OpenSSL, hackers can use Heartbleed to retrieve raw text from emails, instant messages, passwords, even business documents — anything a user sends to a vulnerable site’s server.
“Because of a programming error in the implementation of OpenSSL, the researchers found that it was possible to send a well-disguised packet of data that looked like one of these heartbeats to trick the computer at the other end into sending data stored in its memory,” reports Business Insider.
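The programming error described above comes down to a missing length check. As an added example (not OpenSSL's code and not from the article), this C sketch uses an assumed, simplified request layout and a constructed 16-byte stand-in for server memory to show an echo routine that trusts the sender's claimed length beside one that compares it with the bytes actually received.

```c
#include <stddef.h>
#include <string.h>

/* Simplified request layout (assumption): type(1) | claimed payload
   length(2, big-endian) | payload. Real heartbeat records also carry padding. */
#define HDR 3

/* Constructed 16-byte stand-in for server memory: a 5-byte request that
   claims 13 payload bytes but carries only "hi", followed by unrelated data. */
static const unsigned char MEM[16] = { 0x01, 0x00, 0x0d, 'h', 'i',
    'S', 'E', 'C', 'R', 'E', 'T', '=', 'x', 'y', 'z', '!' };
#define REC_LEN 5                 /* bytes actually received */
static unsigned char reply[13];

/* Flawed pattern: echoes as many bytes as the sender claims. */
size_t echo_unchecked(const unsigned char *rec, size_t rec_len,
                      unsigned char *out, size_t out_cap)
{
    (void)rec_len;                               /* received size never consulted */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > out_cap) claimed = out_cap;    /* keeps this demo inside MEM */
    memcpy(out, rec + HDR, claimed);
    return claimed;
}

/* Corrected pattern: drop a request whose claimed length does not fit
   in the bytes that actually arrived. */
size_t echo_checked(const unsigned char *rec, size_t rec_len,
                    unsigned char *out, size_t out_cap)
{
    if (rec_len < HDR) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > rec_len - HDR || claimed > out_cap) return 0;
    memcpy(out, rec + HDR, claimed);
    return claimed;
}

/* Reply bytes that were never part of the request (flawed routine). */
size_t leaked_unchecked(void)
{ return echo_unchecked(MEM, REC_LEN, reply, sizeof reply) - (REC_LEN - HDR); }

/* Reply length for the same request with the check in place. */
size_t reply_len_checked(void)
{ return echo_checked(MEM, REC_LEN, reply, sizeof reply); }

/* An honest request (claimed length matches its payload) is still echoed. */
size_t honest_checked(void)
{
    const unsigned char rec[5] = { 0x01, 0x00, 0x02, 'h', 'i' };
    return echo_checked(rec, sizeof rec, reply, sizeof reply);
}
```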
But get this: the Heartbleed security flaw has been a problem for almost two years, so who knows what data has been compromised? Vox.com’s Timothy Lee tells Business Insider that even credit-card numbers could be retrieved from data sitting in memory on servers that power some services.
“Heartbleed is so serious — it’s such a big, bad event — that almost every major service is scrambling to clean it up as quickly as possible,” said Matthew Prince, CEO of content delivery network Cloudflare, who estimates that most currently vulnerable websites will be “patched” by the end of the week. LearnVest just tweeted an assurance that they’ve not been affected. Flickr, Imgur and Yahoo.com are reportedly still vulnerable to Heartbleed.
Change passwords immediately, especially for services where privacy and security are a concern. Though in this case, a New York Times interview with a security expert, Zulfikar Ramzan, shows that just changing a password won’t solve the issue. Ultimately, this is an issue that dates back years, the result of human error. Furthermore, the interdependent nature of technology — the ways in which websites, software and devices are connected — increases vulnerability on an internet that’s still in its early days.
In other words, be careful out there folks. The World Wide Web is kind of like the Wild Wild West.